Travel business teams around the world have spent the last several months adjusting to remote working. With social distancing here to stay, and as many companies move to make the shift to remote working permanent, business and leisure device usage are colliding. As a result, ensuring security across multiple devices is more important than ever.
Bad password hygiene was involved in 81 percent of hacks prior to Covid-19, and cyber attacks and phishing campaigns have increased by 40 percent during the pandemic, a significant concern for any business. Cyber criminals have taken advantage of people’s insecurities and need for information during a time where there is a distinct lack of information and trusted voices of authority. Newcastle and Northumbria Universities, both in England, recently suffered a particularly nasty ransomware attack that paralyzed their business operations and has resulted in significant reputational damage. The travel sector, which has suffered some high profile breaches with British Airways and easyJet, should really be leading from the front on prevention.
SkiftX spoke with Lucinda McCaffrey, enterprise account executive and travel lead at LogMeIn, to take a closer look at the top security considerations travel companies with remote teams must keep in mind, including how to avoid cyber attacks and phishing campaigns.
PRIORITIZE YOUR EMPLOYEES
It’s always been an uphill battle for IT teams to satisfy the security demands of their brand and its customers while maintaining ease of use for employees. This was a bit easier to control when employees were using official workstations in a more formal environment, but remote working has blurred these lines, and unfortunately, bad actors are doing what they can to take advantage of these vulnerabilities.
“We’re living in a world where employees are feeling increasingly isolated and may experience higher levels of frustrations with simple issues, like being unable to log in to applications,” McCaffrey said. “Travel brands need to be sensitive to this, and ensure the solutions they are implementing don’t just benefit the brand and its customers, but also enrich the working life of their employees.”
TAKE A STEP BACK AND REEVALUATE THE PRODUCTS THAT ENABLE YOUR REMOTE WORKFORCE
This has been the year where due diligence went out the window as IT teams rushed to enable remote working. Change is happening at the speed of light, and processes that the brand has deemed essential may be based on outdated thinking. In the world of identity and access management, this has meant that brands have rushed to secure a small number of systems or a small number of users, without taking time to understand the scope of password management, single sign-on (SSO), and how multi-factor authentication (MFA) and biometrics enhance deliverables.
“Any digital user within your business who accesses any of your systems is a vulnerability,” McCaffrey said. “Protecting these end users is quick, simple and inexpensive, and when done right also makes the employees lives easier.”
Brands should take a close look at the changes they made to enable remote work throughout 2020, and ensure they are confident that the products and technologies they are using stand up to today’s threats and have enterprise-grade security.
REINFORCE REMOTE SECURITY SYSTEMS
“Fifty-nine percent of digital leaders believe that enhancing their identity and access strategy is business critical,” McCaffrey said, “and a password manager is the simplest way to secure your end users fast. A further 62 percent believe that MFA is the most effective way to secure a remote workforce, and we completely agree. We believe the future of passwords is to go passwordless, and our password manager and MFA offering makes this simple to achieve.”
LastPass eliminates bad credential management by giving travel companies full visibility and control over password health. With SSO, users only need to authenticate themselves once during a session, enterprise password management secures everything that SSO misses, and then MFA makes these processes more secure and user friendly.
“LastPass is the one product I have worked with in my lifetime that users genuinely love, McCaffrey said. “Once they have tried it, they don’t need any convincing.”
Guessing the next move of a cyber attacker is beyond anyone’s control, but companies like LastPass can at least take appropriate action on the tangible threats that exist today, when employees have more passwords to manage than ever before. Otherwise, without the right tools, password management can be a losing battle for employees. By reducing this friction for their remote employees and stepping up security efforts, travel companies will be better equipped for what comes next.